From ed8f9b733706a69d039c277d03bb9d10c5571b92 Mon Sep 17 00:00:00 2001
From: Anthony Rubick <68485672+AnthonyMichaelTDM@users.noreply.github.com>
Date: Thu, 17 Jul 2025 23:18:40 -0700
Subject: [PATCH] fix(plugin-auth): check both endpoint and method

---
 src/mod/auth/plugin_apikey_manager.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mod/auth/plugin_apikey_manager.go b/src/mod/auth/plugin_apikey_manager.go
index 7a06553..cef838a 100644
--- a/src/mod/auth/plugin_apikey_manager.go
+++ b/src/mod/auth/plugin_apikey_manager.go
@@ -84,7 +84,7 @@ func (m *APIKeyManager) ValidateAPIKeyForEndpoint(endpoint string, method string
 
 	// Check if the endpoint is permitted
 	for _, permittedEndpoint := range pluginAPIKey.PermittedEndpoints {
-		if permittedEndpoint.Endpoint == endpoint {
+		if permittedEndpoint.Endpoint == endpoint && permittedEndpoint.Method == method {
 			return pluginAPIKey, nil
 		}
 	}